Though the San Bernardino iPhone Case seems to have ended without much uproar, the debate on device-side encryption is far from over, as was evidenced during a House Judiciary hearing Tuesday. At the same, many applications are rolling out stronger encryption mechanisms to protect their users against snooping. WhatsApp recently rolled out a sweeping change, expanding end-to-end encryption to all messages on their platform, and just this week, Viber rolled out its new encrypted service.
What’s up with WhatsApp?
Since 2014, WhatsApp has used end-to-end encryption for many of its users through a partnership with Open Whisper Systems. This makes it difficult for anyone, including WhatsApp, to read its users’ messages without the end-user device itself.
WhatsApp isn’t the only application to offer end-to-end encryption. iMessage, Telegram, Viber, and Open Whisper System’s own Signal Private Messenger all offer end-to-end encryption. In the past, Skype offered its own encryption but is moving toward server-only encryption.
WhatsApp’s dedication to user privacy has been controversial in some areas. In Brazil, WhatsApp was temporarily blocked last December, and a Facebook executive was arrested last month for failing to turn over user data. While, in the U.S., the Justice Department is determining how to proceed with a wiretap order stymied by WhatsApp's encryption.
Server-side vs. End-to-end encryption
But let’s take step back a moment. To get at the heart of the controversy, it’s important to understand the difference between end-to-end encryption, server-side encryption, and transport layer encryption.
End-to-end Encryption works by keeping data encrypted at all times between two or more parties. Only the parties involved in the conversation or call have access to the decryption keys. This makes it very difficult for eavesdropping or wiretapping as the data will be undecipherable to anyone without a valid key. A variation on this, client-side encryption, secures cloud storage.
Server-side and Transport Layer Encryption can be used independently or in tandem to help secure an application. Server-side encryption can be used to secure data while at rest on the cloud server. Transport layer encryption, such as TLS and SSL, are used to encrypt data while in transit. In both cases, the cloud server will have the keys to decrypt the data.
None of these methods are invulnerable, of course. In the case of end-to-end encryption, an attacker can gain access to a user’s device to compromise their decryption keys. In the case of server-side encryption, an attacker would need to compromise both the database (where the messages are stored) and the application server (where the keys are stored) in order to gain full access.
End-to-end: Never the apple of the government’s eye
The key issue is the use of end-to-end encryption instead of server-side encryption. End-to-end encryption prevents outside entities, including governments, from obtaining user data unless they have access to the individual’s physical device. Without a backdoor or other decryption mechanism, it makes it nearly impossible to comply with wiretap orders or information requests.
This is not the first time the U.S. government has attempted to target encrypted data. There have been a number of attempts in the past, many of which were dropped or otherwise unsuccessful.
In the early 1990s the government attempted to create theClipper Chip. The device was intended to encrypt voice communications to ensure privacy, while allowing the government to petition “escrow agents” for access to the keys upon valid legal authorization. A similar device would encrypt data as well. There was heavy industry resistance, and in 1994 a security researcherpublished a paper highlighting some security vulnerabilities of the related Skipjack encryption protocol. The proposal was all but dead by 1996.
In 2006, the FCC made clear that theCommunications Assistance for Law Enforcement Act of 1994 applied to interconnected Voice over Internet Protocol (VoIP) providers. Theorder confirmed that applications that interacted with the public telephone lines (such as Skype) would need to comply with CALEA. The FCC never expanded this order to include VoIP services that did not interact with the public telephone system.
In 2010, a number of government agencies put forward aproposed requirement that all peer-to-peer messengers be able to comply with a wiretap order. The mandate would require technologies to be able to intercept and decrypt messages between the parties. This was attempted again in 2013. These were both intended as amendments to CALEA.
After the Snowden disclosures, companies began to expand encryption on phones and email. Google has been expanding email security for the past several years, and now tells you when senders/recipients don't utilize encryption. It is has also announced plans to make it easier to implement end-to-end encrypted email.
The future of encryption
The FBI’s heavy-handed tactics in the San Bernardino iPhone case may have actually backfired. In addition to WhatsApp’s move, there are reports that companies are planning to expand encryption on many instant messaging and VoIP clients.
It’s difficult to identify how courts may weigh in on the San Bernardino and similar cases. Like San Bernardino, many of them in the past have been dropped after companies and organizations have offered assistance. Even last September, the Justice Department and FBI dropped a plan to force Apple to decrypt iMessage data. We might see something similar happen with WhatsApp soon.
It seems unlikely that the U.S. government will back down on this matter. It’s clear they want to attempt to establish precedent giving them access, either via wiretapping or other orders, to encrypted user data. The Compliance with Court Orders Act aims to do just that, requiring backdoors in all software and hardware that can be accessed with a valid court order.
Congress is likely to continue discussions on encryption over the next year, and public opinion remains heavily divided. It seems most likely that at some point, either CALEA will be amended in some fashion to tackle end-to-end encryption, or an entirely new law will be put into place. Sens. Diane Feinstein, D-Calif., and Richard Burr, R-N.C., have already proposed such legislation.
What’s right for companies?
For most companies and products, server-side encryption still makes the most sense. End-to-end encryption can be difficult to setup, and primarily remains useful for the VoIP and instant messaging spaces. For more general services, such as social networks, end-to-end encryption makes less business sense.
However, if your service facilitates communication between small groups of people, you may want to use end-to-end encryption. The industry seems to be moving in that direction and it can be a clear selling point to your customers.
The best thing you can do is keep an eye on the situation. It is doubtful a mechanism such as the Clipper Chip will resurface. But a future amendment to CALEA may require wiretap access to law enforcement agencies. This would require engineering a mechanism to grant that access into your application. It could be for messages and calls between the parties moving forward, or the entire message history between the two parties. If the requirement is for the latter, those keys would need to be generated at the beginning of the conversation, which would require additional protective layers to keep that information safe.
Without clear guidance on how to move forward, some companies do not want to implement an access mechanism until they receive a request, and in the case of Apple they may fight back against those requests. Others may opt to implement access in order to avoid costly litigation between their organization and the government.
It seems unlikely we’ll see a perfect solution to this debate. Security activists will continue to point out the increased vulnerability that comes with the addition of law enforcement access, and law enforcement will continue to point to their need to keep citizens safe. However, it seems inevitable that we will see more guidance for companies coming soon, either through the courts or through Congress.
Unfortunately for WhatsApp, how the DOJ proceeds may force them to make this decision sooner than later. It will be interesting to see how the DOJ and foreign governments such as Brazil respond to increased encryption.